Description

METHODS AND SYSTEMS FOR PROVIDING LAWFUL INTERCEPT OF A
MEDIA STREAM IN A MEDIA GATEWAY

Technical Field

The present invention relates to methods and systems providing for the
lawful intercept of communication signals. More particularly, the present
invention relates to methods and systems for lawfully intercepting a media
stream in a media gateway.

Background Art

Court-authorized access to telephone communications is an important
tool for effective law enforcement. The introduction of new, digitally-based
technologies, transmission modes, services, and features has made it
increasingly difficult for law enforcement to conduct court-authorized electronic
surveillance. Tapping calls in packet-based communication networks is
particularly difficult because communication channels may be dynamically
provisioned, such that there is no static line to tap, and because subscribers
frequently move from one service provider to another. In packet-based
communications networks, a media gateway is a network entity that switches
media stream communications between its input and output ports and may
translate the media stream from one format to another format. Media gateways
do not participate in call signaling and consequently do not maintain call state
information. A media gateway controller performs signaling functions to
establish and tear down calls across media gateways.

One problem with lawfully intercepting communications in conventional
media gateways is that the protocols used to control connections in media
gateways fail to provide an easily scalable mechanism for intercepting a media
stream. For example, the MEGACO protocol, as described in ITU-T
Recommendation H.248, includes commands for establishing and modifying
contexts in a media gateway. A context is analogous to a call or a
communications session between one or more parties. In a media gateway, a
context is defined by its endpoints, referred to as terminations. Typically, a
context has two terminations in the media gateway - one for communications
to and from one party and one for communications to and from another party.
The context also defines the direction of the communication, or media stream,
between the terminations.

Figure 1 is a block diagram of a call context 100 having a lawful intercept
through a media gateway modeled after a traditional three-way calling
configuration. In Figure 1, the call context includes a bidirectional media
stream 102 between Termination A 104 and Termination B 106 in a media
gateway 107. The media stream 102 carries media traffic between Termination
A 104 and Termination B 106 and allows end users to communicate normally.
A third termination, Intercept A 108, is added to the context to accommodate
authorized monitoring of the media stream 102 by law enforcement. A TDM
matrix 109 switches the media stream 102, 110 between the terminations.
Normally, in a three-way call, the media stream between each termination is
bi-directional. However, it is desirable for the media stream 110 toward
Intercept A 108 to be one-way to prevent sound that might lead to the detection
of Intercept A from being received by the other terminations. Thus, the media
stream 110 toward Intercept A 108 is configured as a one way only stream to
allow law enforcement to monitor the call without interference.

The MEGACO protocol provides for a topology descriptor, which is used
to specify flow directions between terminations in a context. The default
topology of a context is that each termination's transmission is received by all
other terminations. Changing the association between terminations changes
the topology of a context. Thus, to implement a lawful intercept using the
topology descriptor, the lawful intercept media streams should be configured as
one-way toward the law enforcement monitoring termination.

A shortcoming of this arrangement becomes apparent if more than one
law enforcement agency is intercepting the media stream. As shown in Figure
2, three intercept terminations 108 have been added to the call context to
accommodate interception by three different agencies. Changes made to the
call impact each termination in the context. For example, if the end user on
Termination A 104 wishes to add another termination to establish a three-way
conversation or if one of the law enforcement agencies wishes to cease its
interception of the call, the topology descriptor in the call context would need to
be updated, which involves several steps of MEGACO commands. This can be
a cumbersome management task and may result in delays in establishing or
terminating calls. Moreover, the media gateway may limit the number of
terminations permitted in a call context. The limitation on terminations may limit
the number of lawful intercepts that could be applied and may altogether
prevent the application of a lawful intercept.

Accordingly, there is a need to provide a mechanism to permit the lawful
intercept of a call while minimizing the increased load on call management
resources.

Summary of the Invention

According to one aspect, the present invention includes a method for
providing lawful intercept of a media stream in a media gateway. The method
includes establishing a call context between a first termination and a second
termination. The call context defines a call media stream between the first and
second terminations associated with a call between first and second end users.
The method also includes establishing a tap context, which contains at least
one tap termination. The at least one tap termination refers to the target
termination (first termination). The tap context defines a one-way media stream
that carries a portion of the call media stream from the first termination to the
tap termination.

According to another aspect, the present invention includes a media
gateway with lawful intercept capability. The media gateway includes a plurality
of network interfaces for sending and receiving media streams to and from
external networks. A plurality of voice processing resources are operatively
associated with the network interfaces for processing the media streams
received from the external networks. A controller is operatively associated with
the network interfaces and the voice processing resources for controlling the
network interfaces and the voice processing resources to establish a call
context in the media gateway for a call between first and second end users.
The controller, in response to a request for a lawful intercept of the call,
controls the network interfaces and the voice processing resources to establish
a tap context. The tap context includes at least one tap termination, which
refers to one of the first and second terminations.

According to another aspect, the present invention includes a system for
providing lawful intercept of a media stream in one or more media gateways.
The system includes a media gateway controller for generating media gateway
control commands for establishing contexts through media gateways for calls
between first and second end users that use the media gateways. At least one
media gateway is operatively associated with the media gateway controller for,
in response to the commands from the media gateway controller, establishing a
call context for a call between first and second end users. The call context
includes first and second terminations initialized for bi-directional
communications. In response to commands from the media gateway controller,
the media gateway establishes a tap context that has at least one tap
termination, which refers to one of the first and second terminations. The at
least one tap termination receives the media stream of the mouth, the ear, or a
mix of mouth and ear from one of the first and second terminations.

Accordingly, it is an object of the invention to provide a mechanism to
permit the lawful intercept of a call while minimizing the increased load on call
management resources.

Some of the objects of the invention having been stated hereinabove,
other objects will become evident as the description proceeds when taken in
connection with the accompanying drawings as best described hereinbelow.



Brief Description of the Drawings

Preferred embodiments of the invention will now be explained with
reference to the accompanying drawings of which:

Figure 1 is a block diagram of a call context having a lawful intercept
through a media gateway;

Figure 2 is a block diagram of a call context having three lawful intercept
terminations through a media gateway;

Figure 3 is a block diagram of a media gateway that may be used to
implement an embodiment of the invention;

Figure 4 is a flow diagram of a method of providing lawful intercept in a
media gateway controller in accordance with the invention;

Figure 5 is a block diagram of a call context having a lawful intercept
through a media gateway in accordance with the invention;

Figure 6 is a diagram of a communication network implementation of
lawful call intercept using independent tap contexts in accordance with the
invention; and

Figure 7 is a message flow diagram of an exemplary embodiment of
lawful call intercept using independent tap contexts in accordance with the
invention.

Detailed Description of the Invention

Figure 3 is a block diagram of a media gateway 301 that may be used to
implement an embodiment of the invention. The media gateway 301 includes a
control module 303 that functions as the command interface for a media
gateway controller 305. Commands from the media gateway controller 305 are
received and processed by the control module 303. The control module 303
may, in turn, provide instructions to or acquire information from other modules
within the media gateway 301 in order to comply with the commands from the
media gateway controller 305. According to the present invention, the media
gateway controller 305 may send commands to the controller 303 to effect
lawful intercepts in accordance with the present invention. Exemplary
commands and lawful intercept scenarios will be described in detail below.

The media gateway 301 may also include interfaces for sending and
receiving media streams to and from a plurality of different types of networks.
For example, the media gateway 301 may also include time division
multiplexed (TDM) network interface cards (NIC) 307. TDM network interface
cards 307 send and receive media streams to and from external TDM
networks. TDM network interface cards 307 may implement any suitable
physical layer protocol for sending and receiving messages over TDM links.
For example, each TDM NIC 307 may terminate one or more TDM voice
trunks.

In addition to TDM network interface cards 307, the media gateway 301
may include packet network interface cards 309. Each packet network
interface card 309 may implement network layer functions and packet
forwarding functions, including Internet protocol (IP) forwarding functions. In
the illustrated example, different packet network interface cards are provided to
connect to external Ethernet, Packet Over SONET (POS), and asynchronous
transfer mode (ATM) networks, multi-protocol label switching (MPLS), frame
relay, or any other suitable packet interface.

In Figure 3, the media gateway 301 includes voice server modules 311,
which may include circuitry for implementing one or more voice over packet
protocols, such as RTP, AAL1, AAL2, or any other suitable voice over packet
protocol. In order to switch packets from network interface cards 309 to the
appropriate voice server module 311, the media gateway 301 includes a packet
matrix module 313. The packet matrix module 313 switches packets under the
control of the control module 303. In addition to packet matrix module 313,
media gateway 301 includes a TDM matrix module 315 for switching data in
TDM time slots between TDM NICs 307 and voice server modules 311. TDM
matrix modules 315 are also controlled by control module 303.

In the lawful intercept scenarios described below, the media gateway
may be similar in structure to the media gateway 301 illustrated in Figure 3.
However, the present invention is not limited to performing the lawful intercept
routines described herein using a media gateway structure identical to that
illustrated in Figure 3. Any suitable media gateway capable of receiving
commands from an internal or external media gateway controller and
establishing independent tap contexts for lawful intercepts based on the
commands is intended to be within the scope of the invention.

Figure 4 is a flow diagram of exemplary control logic for a media
gateway controller for providing lawful intercept in a media gateway in
accordance with the invention. A media gateway controller sending appropriate
messages to one or more media gateways may perform the steps involved in
the lawful intercept procedure. The lawful intercept procedure may be
performed during the set-up phase of the call, although law enforcement
intercepts (taps) may be added or removed at any time during the call.

In step 401, a media gateway controller (MGC) instructs a media
gateway (MG) to create a call context that includes a first termination and a
second termination. The MGC may send this instruction as part of the initial
call set-up between the first and second terminations or when adding additional
terminations to an existing call to support, for example, a three-way call or a
multi-party teleconference.

In step 403, the MGC determines if either the first or second termination
is the target of a lawful intercept by consulting, for example, a database of
court-authorized wiretaps. Such a database would likely include a unique
identifier, such as a telephone number, of the party being tapped and a
reference to the law enforcement agency or agencies authorized to receive the
tapped media stream.

If one or more taps are authorized, the MGC instructs the MG to create a
tap context for each authorized tap (step 405). In accordance with the
invention, the tap context includes one or two law enforcement (or tap)
terminations that contain information referring to a target termination. Media
streams in the tap context are defined as one-way from the target termination
to the tap termination. Separate media streams may originate from the ear
(i.e., the media stream received by the target termination in the call context)
and the mouth (i.e., the media stream originated by the target termination in the
call context) of the target termination, or these media streams may be
combined by a summing circuit and delivered to the tap termination as a single
stream.

According to an important aspect of the invention, tap contexts may be
created, modified, and released independently from the call context and
independently from each other. By "independently," it is meant that tap
contexts can be created and released without requiring changes to the
topologies of the call context or the other tap contexts. This independence of
tap contexts greatly reduces the administrative load and complexity on a media
gateway controller and media gateway used to perform the tapping, especially
when multiple tap contexts from different law enforcement agencies are used to
monitor the same call. Exemplary extensions to the MEGACO protocol for
establishing, terminating, and releasing independent tap contexts will be
described in more detail below.

Step 407 completes the set-up of the call context by enabling send and
receive data streams between the first and second terminations. The timing
of the execution of this step is independent of the creation of the tap context
(step 405). Thus, the first and second terminations may have initiated two-way
communication before the tap context has been completely established.

Figure 5 is a block diagram of a call context 500 having a lawful intercept
through a media gateway 507 in accordance with the invention. In Figure 5,
the call context 500 includes a tapped context 501 and a tapping context 503.
The tapped context 501 includes a bidirectional media stream 502 between
Termination A 504 and Termination B 506 in a media gateway 507. The media
stream 502 carries media traffic between Termination A 504 and Termination B
506 and allows end users to communicate normally. A TDM / Packet matrix
509 switches the media stream 502 between the terminations.

Intercept A 508 is added to the context to accommodate authorized
monitoring of the media stream 502 by law enforcement. Intercept A 508
includes at least one tap termination 512, 514. More specifically, Figure 5
shows Intercept A 508 including TapTerm1 512 and TapTerm2 514. It is
desirable for the media stream 510 toward the at least one tap termination 512,
514 of Intercept A 508 to be one-way to prevent sound that might lead to the
detection of Intercept A 508 from being received by the other terminations.
Thus, the media stream 510 of the tapping context 503 toward the at least one
tap termination 512, 514 of Intercept A 508 is configured as a one way only
stream to allow law enforcement to monitor the call without interference. As will
be explained in greater detail below, the tap context contains the identity of the
termination to be tapped (i.e., Termination A 504) and a tapping mode. The
tapping mode may be defined as mouth, ear, or mouth and ear. If the tapping
mode is mouth, the tap termination receives a media stream that corresponds
to the mouth portion of the tapped user's call. If the tapping mode is ear, the
tap termination receives a media stream that corresponds to the ear portion of
the tapped user's call. If the tapping mode is ear and mouth, the tap
termination receives a mixed media stream that corresponds to the mouth and
ear of the tapped user's call. In Figure 5, the tapping context 503 includes two
media streams 510 from Termination A 504 to TapTerm1 512 and TapTerm2
514 of Intercept A 508. One of these streams carries the mouth portion of the
call and the other carries the ear portion of the call. As one would appreciate, if
the selected tapping mode was mouth and ear, only one media stream 510
would be established between Termination A 504 and Intercept A 508.
Similarly, the tapping agent may only be interested in a portion of the call and
may set the tapping mode to either mouth or ear to monitor the portion of
interest. In this case, only one media stream 510 would be established
between Termination A 504 and a tap termination of Intercept A 508 as well.
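
As an added illustration (not part of the patent text), the following Python
sketch models the independence of tap contexts described earlier together with
the tapping modes and stream counts just discussed, and contrasts them with
adding intercept terminations to the call context as in Figures 1 and 2. The
class names, the agency labels, and the per-context termination limit of 4 are
assumptions made for the example; it does not use MEGACO syntax.

```python
from dataclasses import dataclass, field

MODES = ("mouth", "ear", "mouth and ear")   # the three tapping modes in the text


@dataclass
class Context:
    """A context: its terminations and how often its topology was rewritten."""
    terminations: list
    limit: int = 4                  # constructed per-context termination limit
    topology_updates: int = 0

    def add(self, term):
        if len(self.terminations) >= self.limit:
            raise RuntimeError(f"termination limit {self.limit} reached")
        self.terminations.append(term)
        self.topology_updates += 1  # the change impacts every termination

    def remove(self, term):
        self.terminations.remove(term)
        self.topology_updates += 1


@dataclass
class TapContext:
    """Independent tap context: a target plus tap termination -> tapping mode."""
    target: str
    taps: dict

    def streams(self):
        """One one-way stream per tap termination: (source, portion, destination)."""
        return [(self.target, mode, tap) for tap, mode in self.taps.items()]


@dataclass
class Gateway:
    call: Context
    tap_contexts: dict = field(default_factory=dict)   # agency -> TapContext

    def add_tap(self, agency, target, taps):
        if target not in self.call.terminations:
            raise ValueError(f"{target} is not a termination of the call context")
        if not 1 <= len(taps) <= 2 or any(m not in MODES for m in taps.values()):
            raise ValueError("need one or two tap terminations with valid modes")
        self.tap_contexts[agency] = TapContext(target, dict(taps))  # call untouched

    def release_tap(self, agency):
        del self.tap_contexts[agency]                               # call untouched

    def audit(self):
        """Return violations of the valid-target and one-way invariants."""
        problems = []
        tap_names = {t for c in self.tap_contexts.values() for t in c.taps}
        for agency, ctx in self.tap_contexts.items():
            if ctx.target not in self.call.terminations:
                problems.append(f"{agency}: dangling target {ctx.target}")
            for src, _mode, dst in ctx.streams():
                if src in tap_names or dst in self.call.terminations:
                    problems.append(f"{agency}: stream {src}->{dst} is not one-way")
        return problems


def demo():
    # Figures 1 and 2 approach: each intercept joins the call context itself.
    legacy = Context(["TermA", "TermB"])
    legacy_blocked = False
    for name in ("InterceptA", "InterceptB", "InterceptC"):
        try:
            legacy.add(name)
        except RuntimeError:
            legacy_blocked = True   # the third agency exceeds the limit of 4
    # Figure 5 approach: three agencies tap TermA, call context never changes.
    gw = Gateway(Context(["TermA", "TermB"]))
    gw.add_tap("agency1", "TermA", {"TapTerm1": "mouth", "TapTerm2": "ear"})
    gw.add_tap("agency2", "TermA", {"TapTerm3": "mouth and ear"})
    gw.add_tap("agency3", "TermA", {"TapTerm4": "ear"})
    gw.release_tap("agency2")
    n_streams = sum(len(c.streams()) for c in gw.tap_contexts.values())
    return (legacy.topology_updates, legacy_blocked,
            gw.call.topology_updates, n_streams, gw.audit())


if __name__ == "__main__":
    print(demo())
```

In this model the call context records zero topology updates however many tap
contexts come and go, while audit() flags a tap context whose target has left
the call context.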

Figure 6 is a diagram of a communication network implementation of
lawful call intercept using separate associated contexts in accordance with the
invention. The exemplary network 600 may be used to transport a call between
User A 602 and User B 604. User A 602 is connected to the network through a
service switching point (SSP) 606 or an equivalent entity. Similarly, User B 604
is connected to the network through SSP 608. In a conventional network,
SSPs perform various functions, including originating, terminating, and
switching calls. In an exemplary embodiment, SSP 606 may comprise media
gateway controller (MGC) 610 and media gateway (MG) 612. Signaling
information is transmitted from User A 602 to MG 612, and forwarded by MG
612 to MGC 610 for processing. Depending on the particular signaling
information received, the MGC 610 may forward the information to a
destination SSP, such as SSP 608, or instruct MG 612 to perform some
function, such as modifying a context of a voice connection between User A
602 and User B 604. Using the procedure described below, the MGC 610 may
also instruct the MG 612 to create a tap context that includes a law
enforcement agent 614. To ensure that the law enforcement agent 614 can
monitor all of the calls made and received by User A 602, tap terminations 616
should be configured on the same SSP 606 as User A 602. Thus, in Figure 6,
User A 602 is connected to Termination A 618 of MG 612. Termination B 620
terminates a trunk from SSP 608. MG 612 also includes two tap terminations
616 for law enforcement agent 614.

Figure 7 is a message flow diagram of an exemplary embodiment of
lawful call intercept using independent tap contexts in accordance with the
invention. The diagram depicts a simplified message flow for a call setup
sequence using the ITU-T Recommendation Q.931 and ISUP protocols. One
skilled in the art would recognize that the exemplary embodiment of the
invention may be adapted for use with other equivalent signaling protocols,
such as SIP, SIP-T, BICC, H.323, MGCP, MEGACO, etc. In the description that
follows, network elements are referred to using the same reference numerals
used in Figure 6. These references are made to assist in the understanding of
the exemplary embodiment of the invention and not to limit the invention to any
particular network configuration.

In Figure 7, User A 602 initiates a call to User B 604 by dialing the
phone number of User B 604. The phone number is received at the SSP 606
serving User A 602 and an initial address message (IAM) is sent from the SSP
606 to the MGC 610. The MGC 610 responds by instructing the MG 612 to
create a call context with User A 602 and User B 604 as terminations (step 1).
It should be appreciated that in Figure 7, the termination descriptors have been
simplified to indicate "TermA" or "TermB", rather than using the termination
descriptors defined in the MEGACO standard, in an attempt to simplify the
message flow diagram. Once the MGC 610 receives an acknowledgement
from the MG 612 (step 2), the MGC 610 forwards the IAM to the SSP 608
servicing User B 604.

The MGC 610 determines whether User A 602 is the target of lawful
surveillance. This determination may be made in a number of ways, such as
by consulting an internal database or by querying one or more government
databases that contain lists of surveillance targets. If the MGC 610 determines
that User A 602 is the target of lawful surveillance, the MGC 610 instructs the
MG 612 to create a tap context (step 3). It should be appreciated that in Figure
7, the termination descriptor for the tap terminations has been simplified to
indicate "TapTerm" rather than using the termination descriptors defined in the
MEGACO standard. The tap context includes one-way media streams from the
intercept target (i.e., User A 602) to the law enforcement terminations 614. The
ear and mouth of User A 602 may be sent to the law enforcement terminations
614 as separate media streams (indicated as "TapTerm/Mouth" and
"TapTerm/Ear" in step 3 of Figure 6) or may be combined into a single stream
using a summing circuit (not shown). Although Figure 7 shows the creation of a
single tap context, multiple tap contexts may be created in a similar fashion to
support surveillance by more than one law enforcement agency. The MG 612
indicates the creation of the tap contexts with a response message (step 4).

The ability to create an individual tap context that refers to an intercept
target termination within an existing call context is a new feature provided by
the present invention. In Figure 7, the ADD commands in steps 3 and 4 allow
the MGC to specify two tap terminations and tapping modes. In response to
these commands, the media gateway establishes one-way media streams to
the specified tap terminations. Three tapping modes are presently defined:
"mouth," "ear," and "mouth and ear." If the tapping mode is "mouth," then the
tap termination receives the media stream corresponding to the mouth of (i.e.,
originating from) the tapped user. If the tapping mode is "ear," then the tap
termination receives the media stream corresponding to the ear of (i.e.,
received by) the tapped user. If the tapping mode is "mouth and ear," then the
tap termination receives a mixed media stream corresponding to the mouth and
ear of the tapped user. The ADD commands in steps 3 and 4 provide separate
mouth and ear media streams, which are shown in Figure 6 as "TapTerm1" and
"TapTerm2". The ability to specify separate tapping modes allows law
enforcement agencies to identify the originator of portions of a conversation.

The steps taken by the MGC 610 and MG 612 in creating the tap context
are independent of the SS7 call processing and of the steps taken within MG
612 to establish the call context. That is, while MGC 610 and MG 612 perform
the steps needed to create the tap context, the SSP 608 serving User B 604
performs the steps needed to complete the connection of the call from User A
602. For example, when the SSP 608 receives the IAM from the MGC 610, the
SSP 608 confirms that it is serving User B 604 and that User B 604 is idle. The
SSP 608 formulates an address complete message (ACM), which indicates
that the IAM has reached its proper destination and transmits this message
back through MGC 610 to the SSP 606 serving User A 602. At the same time,
the SSP 608 sends a ring tone to User B 604. When User B 604 answers, the
SSP 608 sends an answer message (ANM) to the MGC 610. The MGC 610
forwards the ANM to the SSP 606 serving User A 602. The MGC 610 also
instructs the MG 612 to modify the call context between User A 602 and User B
604 to permit two-way communication (steps 5 and 6).

In Figure 7, User B 604 ends the conversation by hanging up. The
SSP 608 sends a release message (REL) to the MGC 610. The MGC 610
instructs the MG 612 to remove the tap context (steps 7 and 8) and then
remove the call context (step 9). The MGC 610 also sends the RELEASE to
User A 602. When the MGC 610 receives the response from the MG 612
indicating that the call context has been removed, the MGC 610 sends a
release complete message (RLC) to the SSP 608.

Thus, the present invention includes methods and systems for providing 
for the lawful intercept of a media stream in a media gateway. The methods 
and systems include the independent creation of a tap context with one or two 
law enforcement terminations that refer to a target termination. The tap context 
provides for a one-way media stream from the target termination to the law 
enforcement termination. The tap context also provides for per-port tapping, 
which permits separate media streams to be created from the ear port and the 
mouth port of the target termination. Per-port tapping permits law enforcement 
to easily determine which portions of a conversation are attributable to each 
party of the call. 

The present invention further provides for the creation of multiple tapping 
contexts to support tapping by multiple law enforcement agencies. Each of the 
tapping contexts can be created, modified, and released independently, 
thereby alleviating the need to reconfigure the call context to accommodate the 
creation or release of a tap termination. 

The invention has been described with respect to an exemplary 
embodiment, which is intended to be illustrative, not restrictive. In light of this 
disclosure, those skilled in the art will likely make alternate embodiments of this 
invention. These and other alternate embodiments are intended to fall within 
the scope of the claims that follow. 



